CVE-2024-10025

9.1 CRITICAL

📋 TL;DR

This vulnerability allows attackers to read default passwords stored in plain text in .sdd files, enabling unauthorized access to SICK industrial control products as an 'Authorized Client'. Organizations running affected SICK products whose default passwords have not been changed are at risk.

💻 Affected Systems

Products:
  • SICK industrial control products using .sdd files
Versions: All versions prior to patched versions
Operating Systems: Embedded systems in SICK devices
Default Config Vulnerable: ⚠️ Yes
Notes: Only vulnerable if default passwords have not been changed by customers.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full compromise of industrial control systems leading to operational disruption, data theft, or safety incidents if attackers gain authorized client access.

🟠 Likely Case

Unauthorized access to industrial systems allowing configuration changes, data exfiltration, or disruption of industrial processes.

🟢 If Mitigated

Minimal impact if default passwords have been changed and proper network segmentation is implemented.

🌐 Internet-Facing: HIGH if devices are internet-facing, as attackers can remotely exploit the vulnerability.
🏢 Internal Only: MEDIUM for internal networks, requiring attacker presence on the network but still posing significant risk.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the .sdd files, but is straightforward once they are obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific versions

Vendor Advisory: https://sick.com/psirt

Restart Required: Yes

Instructions:

  1. Download the latest firmware from the SICK support portal.
  2. Back up the current configuration.
  3. Apply the firmware update following vendor instructions.
  4. Verify update completion and functionality.

🔧 Temporary Workarounds

Change Default Passwords (applies to: all)

  • Immediately change all default passwords on affected SICK devices

Network Segmentation (applies to: all)

  • Isolate SICK devices in separate network segments with strict access controls

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to SICK devices
  • Enable detailed logging and monitoring for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the device's .sdd files contain plaintext default passwords, and whether those default passwords are still accepted by the device.

Check Version:

Check device web interface or console for firmware version information

Verify Fix Applied:

Verify that the firmware version matches the patched version from the vendor advisory, and test that the default passwords no longer work.

📡 Detection & Monitoring

Log Indicators:

  • Failed authentication attempts followed by successful login
  • Unauthorized configuration changes
  • Access from unexpected IP addresses

Network Indicators:

  • Unusual network traffic to/from SICK devices
  • Protocol anomalies in industrial communication

SIEM Query:

source="sick_device" AND (event_type="authentication" AND result="success" AND user="default")
